How do I get rid of XP Security Installer Virus?

circa808

New Member
I somehow got a virus and it's called XPSecurityInstaller. I checked my startup using msconfig and XPSecurityInstaller and braviax.exe keep running on startup even if I uncheck it and apply it. I tried using Ad-Aware, Spybot S & D, Avira Antivir, Registry Mechanic. I just can't seem to get rid of it. It says by my clock on my desktop "Your computer is infected", the yellow balloon comes up like every 5 minutes. I found its registry values in regedit and deleted it. It also made a XPSecurityCenter folder in my "C:\ProgramFiles\XPSecurityCenter\XPSecurityCenter.exe" /hide. Someone told me that this is a virus that tries to make you buy some anti-virus program that is supposedly supposed to get rid of the virus but doesn't and then you're out $50. How do I get rid of this virus? Oh yeah, my anti-spyware protector found this virus while scanning and I delete it but it seems to be coming back all the time. TR/Crypt.XPACK.Gen
 
Hello.

Download Hijackthis.
Link: http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
Install the program to the default directory.

Run Hijackthis and select "Do a system scan and save a log file".
Copy the entire log file and paste the contents here.

Do not fix anything unless advised to do so.

Hijackthis will allow all of the computer security experts to check for the virus, where it's located along with any other problems you might have.
 
It won't let me run HiJackThis. It won't let me run Spybot S&D, Spyware Doctor, Ad Aware anymore and some other Anti-virus programs I could install.
 
You could see if a repair installation would allow you to run HijackThis. It might solve a lot of your problems. After it's finished post a HijackThis log and run and post a combofix log. You can download combofix here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Perform a Repair Installation

Configure your computer to start from the CD-ROM drive. For more information about how to do this, refer to your computer's documentation or contact your computer manufacturer. Then insert your Windows XP Setup CD, and restart your computer.

1. When the Press any key to boot from CD message is displayed on your screen, press a key to start your computer from the Windows XP CD.

2. Press ENTER when you see the message To setup Windows XP now, and then press ENTER displayed on the Welcome to Setup screen.

3. Do not choose the option to press R to use the Recovery Console.

4. In the Windows XP Licensing Agreement, press F8 to agree to the license agreement.

5. Make sure that your current installation of Windows XP is selected in the box, and then press R to repair Windows XP.

6. Follow the instructions on the screen to complete Setup.
 
^^ Is that all you recommend?? Geez

I've seen it about 5 times now!

Do you have any better ideas! I didn't see you suggest anything!!!!

Well I do, run Hijackthis then run combofix. But HJT won't work so combofix sounds good:

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
Please download SmitfraudFix (by S!Ri)

Double-click SmitfraudFix.exe.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm




Try to rename Hijackthis to run it:
RENAME HIJACKTHIS

Using Windows Explorer (right-click the Start button and left-click Explore), navigate to: C:\Program Files\HijackThis\HijackThis.exe

Right-click on HijackThis.exe & select Rename to scanner.exe and post back a new Hijackthis log.
 
If you read the first page he said he can't do a hijackthis log....
 
The infection is recognizing the hijackthis.exe file running and keeps it from running. If he changes the name to something else, it might work. It doesn't work all the time but it's worth a try.
 
^^ Agreed!! Changing the name sometimes works. If it is just an install problem then download the self supporting (running) version.
 
I see what you're doing now.
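
Added example, not part of any post in this thread: the first post describes startup entries that keep coming back after being unchecked in msconfig, so this Python sketch parses a regedit export of the Run keys offline and flags values whose name or program matches the names reported there. The sample export, its paths and the `ExampleTool` entry are constructed; only the suspect names come from the thread.

```python
import re
# Names the first post reports; everything else here is an assumption.
SUSPECT_NAMES = ("xpsecuritycenter", "xpsecurityinstaller", "braviax.exe")

# Constructed sample in regedit export (.reg) style, not from a real machine.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTool"="\"C:\\Program Files\\ExampleTool\\tool.exe\" /min"
"braviax"="C:\\WINDOWS\\system32\\braviax.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"XP SecurityCenter"="\"C:\\Program Files\\XPSecurityCenter\\XPSecurityCenter.exe\" /hide"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

# "name"="value" lines; backslashes and quotes are escaped inside the quotes.
ENTRY = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)

def parse_export(text):
    # Yield (key, value_name, command) for each string value under a key.
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := ENTRY.match(line)):
            yield key, unescape(m.group(1)), unescape(m.group(2))

def executable(command):
    """Separate the program path from arguments such as a trailing /hide."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r'(.*?\.(?:exe|com|bat|scr))(?:\s|$)', command, re.I)
    return m.group(1) if m else command

def flag_autoruns(text, names=SUSPECT_NAMES):
    hits = []
    for key, name, command in parse_export(text):
        program = executable(command)
        haystack = (name + program).lower().replace(" ", "")
        if any(n in haystack for n in names):
            hits.append((key.split("\\")[0], name, program))
    return hits

if __name__ == "__main__":
    for hive, name, program in flag_autoruns(SAMPLE_EXPORT):
        print(f"{hive}: {name} -> {program}")
```

Exports written by regedit in the 5.00 format are UTF-16, so read the file with `encoding="utf-16"` before passing its text to `flag_autoruns`.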
 